What we check,
when, and why.

Beast partners with a regulated, EU-based identity verification provider. Before a driver can ever rent, they upload a government-issued ID (passport, national ID, or driving licence), then prove they are the person in the document with a live face capture. The document is checked for authenticity. The face match is biometric.

Name, date of birth, document expiry, licence category, and issuing country are extracted as structured fields, not free text. Beast itself does not keep the raw scans. We keep the verification outcome and a reference back to the original session so any later review can be tied back to it.

A driver cannot start a rental until they hold a current, approved verification. This is enforced at the rental-start API itself, not just in the mobile app.

Identity is one half of “may this person drive this car.” The driving licence is the other.

• Category enforcement. Only licences valid for the relevant vehicle category are accepted. Other categories are auto-declined.
• Expiry tracking. Every rental start re-checks the licence against the rental window. An expired licence blocks the rental, even if the driver was previously approved.
• Minimum age. Enforced at verification time and again at the moment of unlock.
• Issuing country. Recorded and used as one input to risk scoring.

If a licence is renewed or anything material changes, the driver is required to re-verify before their next rental.

All card processing runs through Stripe. Beast itself never stores raw card data; sensitive payment material lives inside the PCI-compliant processor. Partner payouts run through Stripe Connect.

For each rental, the platform:

1. Pre-authorises a security deposit on the driver's card before the car is unlocked. The hold is real money reserved on the card.
2. Captures usage charges at the end of the rental, based on actual time, distance, and any add-ons.
3. Releases the unused deposit automatically when the rental closes without incident.
4. Pays out to the partner through Stripe Connect, with each payout traceable back to the rentals that funded it.

Partial captures are supported, so if there is damage or a fee owed, Beast captures exactly the agreed amount from the held deposit rather than re-charging the driver from scratch. Every payment state change is logged and reconcilable.

Vehicles are unlocked and locked through the manufacturer's fleet API, with credentials managed per-vehicle on Beast's backend. The driver's app never holds the keys directly. Every unlock or lock is an authenticated command issued by Beast.

• Unlock at start is only permitted once identity, payment, and risk checks have all cleared, and the car is in an expected state.
• Lock at end requires the car to be in Park and not actively charging. Beast will refuse to close a rental if the car is still in Drive or Reverse, or if a charging session is in progress.
• Credential rotation. Vehicle access tokens are refreshed automatically. If a token is revoked upstream, Beast detects it and re-establishes the link.

The encryption keys used to protect vehicle credentials at rest are kept outside the application code, in environment-managed secret storage.

For supported vehicles, Beast ingests a continuous telemetry stream throughout the rental. The platform observes location, heading, speed, odometer, battery state, charging state, shift position, and door lock status, at minimum.

The same data feeds operational monitoring. If a car is parked outside its allowed return zone, Beast notices. If a rental is being ended with the car still charging, Beast notices. Every datapoint is stored per vehicle and tied to the rental in progress, so any later review has a precise record of what the car was doing.

Beast runs a multi-signal risk assessment when a rental is booked, and again at sensitive transitions, particularly the unlock. Without exposing the specific rules, the platform looks at signals such as:

• Geographic consistency. Whether the driver's payment method, identity document, and current location form a coherent picture.
• Device behaviour. Concurrent device usage, device churn, and other signs that an account may have been compromised or shared.
• Location plausibility. Whether the driver is physically close enough to the car to actually start the rental, and whether their reported location is fresh.
• Document and identity reuse. Automated detection of duplicate accounts using the same identity document.
• Booking patterns. Combinations of factors that historically correlate with abuse.

When a rental looks higher-risk, Beast can require a live biometric re-authentication before continuing, or route the case to a human reviewer. Low-risk rentals proceed unimpeded. The aim is to keep the everyday driver experience friction-free while raising the bar precisely where it matters.

Driver accounts are backed by Firebase Authentication. Tokens are validated server-side on every request.

Operator (back-office) accounts use single sign-on as the primary path, with a tightly scoped email and password fallback restricted to an explicit whitelist. Passwords are stored using a modern, salted hash.

Authorisation is role-based. Operator users see only what their role permits, and sensitive actions (refunds, manual overrides, vehicle commands) are logged. API keys, vehicle credentials, encryption keys, and third-party tokens all live in a dedicated secret manager, scoped per environment, never in the codebase.

Every rental, payment, verification, and risk decision emits a structured event onto an internal pub-sub bus. These events are consumed by:

• Reconciliation workers that keep payments and rental state aligned.
• Notification workers that send transactional comms to drivers and partners.
• Risk workers that re-evaluate sessions when new signals arrive.
• Reporting pipelines that feed operational dashboards.

The audit trail for any given rental, “what was checked, when, and what was the outcome,” is reconstructable end to end. Recovery from transient failures (a third-party timeout, a brief outage) is automatic rather than manual. Errors are captured in Sentry with full context. Critical conditions page the on-call team.

• In transit. All traffic between clients, the backend, and third parties is over TLS.
• At rest. Sensitive fields (vehicle credentials, third-party tokens) are encrypted with keys held outside the application.
• PII minimisation. Biometric data and identity documents stay with the verification provider, not duplicated into Beast's own database. Beast stores the verified outcome and the reference, not the raw scans.
• Payment data. Card details never touch Beast's servers. The platform only ever sees processor-issued tokens.
• Regional alignment. Production data, secrets, and supporting infrastructure are operated in the EU.

Vehicle insurance is arranged and maintained by the partner. Beast does not bind coverage on the partner's behalf. Partners are responsible for ensuring their policy is valid for short-term rental use in the relevant market.

What Beast contributes to that relationship is evidence: a precise record of who drove the car, when, between which locations, and under what conditions. Rental start and end timestamps, verified driver identity, telemetry snapshots, and any flags raised during the rental are all preserved and available to the partner. Claims and incident reviews become straightforward.